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LIST OF CLAIMS / AMENDMENTS 



In the Claims 

Please cancel claims 3, 12, 19-20, 25-31, and 36 without prejudice. 
Claims 25-31 are canceled as non-elected claims in response to a telephone call 
from the Examiner on August 25, 2005 for a restriction requirement election 
(Office Action p2). 

Please amend claims 1, 4-8, 1 1, 16, 23, 32, and 37-41 as shown herein. 

Claims 1-2, 4-11, 13-18, 21-24, 32-35, and 37-74 are pending and are listed 
following: 

L (currently amended) An enterprise network architecture, comprising: 

a first network system including one or more first network system domains; 

a second network system including one or more second network system 
domains, the second network system being autonomous from the first network 
system such that the first network system domains are administratively 
independent from the second network system domains; and 

a trust link between a first network system root domain and a second 
network system root domain, the trust link configured to provide transitive 
resource access between the one or more first network system domains and the 
one or more second network system domains where the transitive resource access 
includes remote authentication such that an account managed by t he second 
network system can initiate a request for authentication via a first network system 
domain. 
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2. (original) An enterprise network architecture as recited in 
claim 1, wherein: 

the first network system root domain is configured for communication with 
the one or more first network system domains; 

the second network system root domain is configured for communication 
with the one or more second network system domains; and 

the trust link is further configured to provide transitive security associations 
between the one or more first network system domains and the one or more second 
network system domains. 

3. (canceled) 

4. (currently amended) An enterprise network architecture as 
recited in claim 1, wherein the transitive resource access includes the remote 
authentication to access a resource managed in the second network system, such 
that eft the account managed by the second network system can initiate [[a]] the 
request for authentication to access the resource via [[a]] the first network system 
domain. 
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5. (currently amended) An enterprise network architecture as 
recited in claim 1 , wherein: 

[[a]] the first network system domain includes a first domain controller; 
a second network system domain includes a second domain controller; and 
an the account managed by the second domain controller can initiate [[a]] 
the request for remote network authentication via the first domain controller. 

6. (currently amended) An enterprise network architecture as 
recited in claim 1, wherein: 

[[a]] the first network system domain includes a first domain controller; 
a second network system domain includes a second domain controller; and 
w& the account managed by the second domain controller can initiate [[a]] 
the request for authentication to access a resource managed in the second network 
system, the request for authentication communicated from the first domain 
controller to the second network system via the trust link. 
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second network system can access resources in the first network system. 

9- (original) An enterprise network architecture as recited in 
claim 1, wherein the trust link is a one-way trust link initiated by an administrator 
of the first network system, the one-way trust link configured to provide transitive 
resource access from the second network system domains to the first network 
system domains. 
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10. (original) An enterprise network architecture as recited in 
claim 1, wherein the trust link is a two-way trust link initiated by a first network 
system administrator and by a second network system administrator, and wherein 
the transitive resource access is automatically configured when the trust link is 
established, 

11. (currently amended) An enterprise network architecture as 
recited in claim l f wherein the first network system is configured to determine 
from the trust link where to communicate a request for a resource, the request 
received from as the account managed in the first network system and the resource 
maintained by the second network system. 

12. (canceled) 

13. (original) An enterprise network architecture as recited in 
claim 1, wherein the first network system is configured to receive a request to 
logon to the second network system and determine from the trust link where to 
communicate the request, and wherein the second network system is configured to 
authenticate the request. 

14* (original) An enterprise network architecture as recited in 
claim 1, wherein the trust link is a data structure configured to maintain 
namespaces corresponding to trusted network system domain components. 
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15. (original) An enterprise network architecture as recited in 
claim 1, wherein the trust link includes a first network system data structure and a 
second network system data structure, the first network system data structure 
configured to maintain trusted namespaces corresponding to the second network 
system, and the second network system data structure configured to maintain 
trusted namespaces corresponding to the first network system. 

16. (currently amended) An enterprise network architecture as 
recited in claim 1, wherein the trust link is a data structure configured to maintain 
namespaces corresponding to the second network system, and wherein the first 
network system is configured to; 

maintain the data structure; and 

automatically designate which of the namespaces are trusted by the first 
network system. 

17. (original) An enterprise network architecture as recited in 
claim 1, wherein the trust link is a data structure maintained by the first network 
system, the data structure configured to maintain namespaces corresponding to 
trusted second network system domain components, and the trusted second 
network system domain components being designated as trusted by a first network 
system administrator. 
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18. (original) An enterprise network architecture as recited in 
claim 1, wherein the trust link is a data structure maintained by the first network 
system, the data structure configured to maintain trusted namespaces 
corresponding to the second network system, and wherein the first network system 
is configured to receive a request to logon to the second network system and 
determine from the trusted namespaces where to communicate the request. 

19-20. (canceled) 

21. (original) An enterprise network architecture as recited in 
claim 1 7 wherein the first network system is configured to: 

receive an account request to logon to the second network system; 
determine from the trust link where to communicate the account request; 

and 

provide a security identifier to the second network system, the security 
identifier corresponding to the account 
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22, (original) An enterprise network architecture as recited in 
claim 1, wherein: 

the first network system is configured to determine from the trust link 
where to communicate a service account request to access a resource maintained 
by the second network system; 

the first network system is further configured to provide a security 
identifier to the second network system, the security identifier corresponding to a 
user account maintained by the first network system; and 

the second network system is configured to determine from the trust link 
whether to trust the security identifier to authorize the service account request 

23. (currently amended) An enterprise network architecture as 
recited in claim 1, wherein the trust link is a data structure maintained by the first 
network system, the data structure configured to maintain trusted namespaces 
corresponding to the second network system, and wherein the first network system 
is configured to: 

determine from the trusted namespaces where to communicate a logon 
request received from aa the account managed in the second network system; and 

provide a security identifier to the second network system, the security 
identifier corresponding to the account. 
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24. (original) An enterprise network architecture as recited in 
claim 1, wherein the trust link is a data structure maintained by the first network 
system, the data structure configured to maintain trusted namespaces 
corresponding to the second network system, and wherein: 

the first network system is configured to determine from the trusted 
namespaces where to communicate a service account request to access a resource 
maintained by the second network system; 

the first network system is further configured to provide a security 
identifier to the second network system, the security identifier corresponding to a 
user account maintained by the first network system; and 

the second network system is configured to determine from the trusted 
namespaces whether to trust the security identifier to authorize the service account 



request. 
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32. (currently amended) A network system domain, comprising: 
a root domain controller communicatively linked with one or more network 
system domains in a first network system; and 

a trusted domain component configured to define a trust link between the 
root domain controller and a second network system root domain controller, the 
second network system root domain controller communicatively linked with one 
or more second network system domains that are administratively independent 
from the first network system domains, and the trust link being configured to 
provide transitive resource access between the first network system domains and 
the second network system domains , the trusted domain component being further 
configured to provide remote network authentication such that an account 
managed bv a second network system domain can initiate a request for 
authentication via a first network system domain . 

33* (original) A network system domain as recited in claim 32, 
wherein the root domain controller is configured to create the trusted domain 
component when the trust link is initiated. 

34* (original) A network system domain as recited in claim 32, 
wherein the root domain controller is configured to establish the transitive 
resource access between the first network system domains and the second network 
system domains when the trust link is initiated. 
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35. (original) A network system domain as recited in claim 32, 
wherein the trusted domain component defines a one-way trust link from the root 
domain controller to the second network system root domain controller. 

36. (canceled) 

37, (currently amended) A network system domain as recited in 
claim 32, wherein the trusted domain component is further configured to provide 
the remote network authentication to access a resource managed by [[a]] the 
second network system domain, such that an the account managed by [[a]] the first 
network system domain can initiate a request to access the resource via th e 
network oyatcm domain , the request communicated from the root domain 
controller to the second network system root domain controller via the trust link. 

38, (currently amended) A network system domain as recited in 
claim 32, wherein the root domain controller is configured to determine from the 
trusted domain component where to communicate [[a]] the request for 
authentication received from m the account managed by [[a]] the second network 
system domain. 

39* (currently amended) A network system domain as recited in 
claim 32, wherein the trusted domain component is configured to indicate where 
to communicate [[a]] tiKe request for authentication received from m the account 
managed by [[a]] die second network system domain. 
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40. (currently amended) A network system domain as recited in 
claim 32, wherein the root domain controller is configured to determine from the 
trusted domain component where to communicate a request for a resource, the 
request received from an the account managed by [[a]] tfie second network system 
domain and the resource maintained by the second network system domain. 

41. (currently amended) A network system domain as recited in 
claim 32, wherein the root domain controller is configured to receive a request to 
logon to [[a]] the second network system domain, and determine from the trusted 
domain component to communicate the request to the second network system root 
domain controller via the trust link. 

42* (original) A network system domain as recited in claim 32, 
wherein the trusted domain component is a data structure configured to maintain 
trusted namespaces corresponding to the second network system. 

43. (original) A network system domain as recited in claim 32, 
wherein the trusted domain component is a data structure configured to maintain 
namespaces corresponding to trusted second network system domain components. 
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44. (original) A network system domain as recited in claim 32, 
wherein the trusted domain component is a data structure configured to maintain 
namespaces corresponding to the second network system, and wherein the root 
domain controller is configured to maintain the data structure and automatically 
designate which of the namespaces are trusted by the first network system. 

45- (original) A network system domain as recited in claim 32, 
wherein the trusted domain component is a data structure maintained by the root 
domain controller, the data structure configured to maintain namespaces 
corresponding to the second network system, and the namespaces being 
designated as trusted by a network system administrator. 

46, (original) A network system domain as recited in claim 32, 
wherein the trusted domain component is a data structure maintained by the root 
domain controller, the data structure configured to maintain trusted namespaces 
corresponding to the one or more second network system domains, and wherein 
the root domain controller is configured to receive a request to logon to the second 
network system and determine from the trusted namespaces where to 
communicate the request. 
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47* (original) A network system domain as recited in claim 32, 
wherein the trusted domain component is a data structure configured to maintain 
trusted namespaces corresponding to the second network system, and wherein the 
root domain controller is configured to determine from the trusted namespaces 
where to communicate a request for a resource, the request received from an 
account managed by the root domain controller and the resource maintained by a 
second network system domain. 

48. (original) A network system domain as recited in claim 32, 
wherein: 

the trusted domain component is a data structure configured to maintain 
trusted namespaces corresponding to the second network system; 

the root domain controller is configured to determine from the trusted 
namespaces where to communicate a request for a resource, the request received 
from an account managed by the root domain controller and the resource 
maintained by a second network system domain; and 

the second network system is configured to authorize the request for the 
resource. 
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49, (original) A network system domain as recited in claim 32, 
wherein the root domain controller is configured to: 

receive an account request to logon to a second network system domain; 
determine from the trusted domain component where to communicate the 

account request; and 

provide a security identifier to the second network system domain 
controller, the security identifier corresponding to the account. 

50. (original) A network system domain as recited in claim 32, 
wherein the trusted domain component is a data structure maintained by the 
domain controller, the data structure including trusted namespaces corresponding 
to the second network system, and wherein the root domain controller is 
configured to: 

determine from the trusted namespaces where to communicate a logon 
request received from an account managed by a second network system; and 

provide a security identifier to the second network system domain 
controller, the security identifier corresponding to the account. 
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51. (original) A first network system domain controller performing a 
method comprising: 

establishing a trust link with a second network system domain controller to 
provide transitive resource access between domains in a first network system and 
domains in a separate, autonomous second network system; 

receiving an authentication request from an account managed by a domain 
in the second network system; and 

determining to authenticate the request via the trust link. 

52. (original) A method as recited in claim 51, wherein establishing 
the trust link comprises: 

receiving network system identifiers corresponding to the second network 
system; 

creating a data structure to maintain the network system identifiers; and 
designating which of the network system identifiers to trust. 

53. (original) A method as recited in claim 51, wherein establishing 
the trust link comprises: 

receiving namespaces corresponding to the second network system; 
creating a data structure to maintain the namespaces; and 
designating which of the namespaces to trust 
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54. (original) A method as recited in claim 51, wherein establishing 

the trust link comprises: 

receiving network system identifiers corresponding to the second network 

system; 

creating a data structure to maintain the network system identifiers; 
determining whether to trust an individual network system identifier; and 
designating in the data structure whether to trust the individual network 
system identifier. 

55. (original) A method as recited in claim 51, wherein establishing 

the trust link comprises: 

receiving namespaces corresponding to the second network system; 

creating a data structure to maintain the namespaces; 

determining whether to trust an individual namespace; and 

designating in the data structure whether to trust the individual namespace. 

56. (original) A method as recited in claim 51, wherein establishing 
the trust link comprises: 

receiving network system identifiers corresponding to the second network 
system; 

comparing a received network system identifier with existing network 
system identifiers to determine whether to accept the received network system 
identifier; and 

creating a data structure to maintain accepted network system identifiers. 
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57, (original) A method as recited in claim 51, wherein establishing 
the trust link comprises: 

receiving namespaces corresponding to the second network system; 
comparing a received namespace with existing namespaces to determine 
whether to accept the received namespace; and 

creating a data structure to maintain accepted namespaces. 

58, (original) A method as recited in claim 51, wherein establishing 
the trust link comprises receiving network system identifiers corresponding to the 
second network system and designating which of the network system identifiers to 
trust, and wherein determining comprises comparing a component of the request 
with the network system identifiers to determine that the account is managed in 
the second network system. 

59, (original) A method as recited in claim 51, further comprising 
providing a security identifier corresponding to the account to the first network 
system domain controller, the first network system domain controller comparing 
the security identifier with stored network system identifiers to determine whether 
the security identifier is valid. 
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60, (original) A first network system domain controller performing a 

method comprising: 

establishing a trust link with a second network system domain controller to 
provide transitive resource access between domains in a first network system and 
domains in a separate, autonomous second network system; 

receiving a resource request from an account managed by the first network 

system domain controller, 

determining to communicate the resource request to the second network 

system; and 

communicating the resource request to the second network system domain 
controller via the trust link. 

61, (original) A method as recited in claim 60, wherein establishing 

the trust link comprises: 

receiving network system identifiers corresponding to the second network 

system; 

creating a data structure to maintain the network system identifiers; and 
designating which of the network system identifiers to trust. 

62, (original) A method as recited in claim 60, wherein establishing 
the trust link comprises: 

receiving namespaces corresponding to the second network system; 
creating a data structure to maintain the namespaces; and 
designating which of the namespaces to trust. 
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63, (original) A method as recited in claim 60, wherein establishing 
the trust link comprises receiving network system identifiers corresponding to the 
second network system and designating which of the network system identifiers to 
trust, and wherein determining comprises comparing a component of the request 
with the network system identifiers to determine that the resource is managed in 
the second network system. 

64. (original) A method as recited in claim 60, further comprising 
providing a security identifier corresponding to the account to the first network 
system domain controller, the first network system domain controller comparing 
the security identifier with stored network system identifiers to determine whether 
the security identifier is valid. 
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65. (original) One or more computer-readable media comprising 
computer-executable instructions that, when executed, direct a first network 
system domain controller to perform a method comprising: 

establishing a trust link with a second network system domain controller to 
provide transitive resource access between domains in a first network system and 
domains in a separate, autonomous second network system; 

receiving a resource request from an account managed by a domain 
controller in the second network system; 

determining to communicate the resource request to the second network 

system; and 

communicating the resource request to the second network system domain 
controller via the trust link. 

66. (original) One or more computer-readable media as recited in 
claim 65, wherein establishing the trust link comprises: 

receiving network system identifiers corresponding to the second network 



system; 



creating a data structure to maintain the network system identifiers; and 
designating which of the network system identifiers to trust. 
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67. (original) One or more computer-readable media comprising 
computer-executable instructions that, when executed, direct a domain controller 
in a first network system to perform a method comprising; 

requesting network system identifiers corresponding to a second network 
system to create a trust link between the first network system and the second 
network system, the second network system being autonomous from the first 
network system; 

determining whether to accept the network system identifiers; 

designating accepted network system identifiers as trusted with trust 
indicators; and 

creating a data structure to maintain the accepted network system identifiers 
and corresponding trust indicators. 

68. (original) One or more computer-readable media as recited in 
claim 67, wherein determining comprises comparing an individual network system 
identifier with existing network system identifiers and rejecting the individual 
network system identifier if it is a duplicate of an existing network system 
identifier 
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69. (original) One or more computer-readable media as recited in 
claim 67, the method further comprising: 

receiving an authentication request to logon to a domain in the second 

network system; 

comparing a component of the authentication request with the network 

system identifiers; and 

communicating the authentication request to the second network system if 
the component corresponds to a trusted network system identifier. 

70. (original) A domain controller in a first network system 
performing a method, comprising: 

receiving a security identifier from a domain controller in a second network 
system via a trust link, the security identifier corresponding to an account 
managed by the second network system; 

determining whether the security identifier is valid; and 
trusting the account corresponding to the security identifier if the security 
identifier is determined to be valid. 

71. (original) A method as recited in claim 70, wherein determining 
comprises comparing the security identifier with network system identifiers and 
determining that the security identifier is valid if it matches a component of a 
network system identifier. 
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72* (original) A method as recited in claim 70, wherein determining 
comprises comparing the security identifier with stored network system identifiers 
and determining that the security identifier is valid if it matches a component of a 
network system identifier, the network system identifiers received from the second 
network system and designated as being trusted when the trust link is initiated. 

73. (original) A method as recited in claim 70, wherein the security 
identifier corresponds to a security principal managed by the domain controller in 
the second network system. 

74. (original) One or more computer-readable media comprising 
computer-executable instructions that, when executed, direct a computing system 
to perform the method of claim 70. 
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